vb.org Archive
Page 3 of 7 12 3 45 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   Someone is trying to hack my account (https://vborg.vbsupport.ru/showthread.php?t=298910)

Bluemax712 06-09-2013 10:34 PM
I kind of feel unworthy since they only used 1 IP to try to crack my password :(

Biker_GA 06-09-2013 10:41 PM
Nice to see the typical corporate response to something like this. Ignore it and it'll go away.

What would shock me is if someone actually started to get proactive with crap like this. You have server logs. Turn the cretins in.

Bluemax712 06-09-2013 10:47 PM
Quote:
Originally Posted by Biker_GA (Post 2427000)
Nice to see the typical corporate response to something like this. Ignore it and it'll go away.

What would shock me is if someone actually started to get proactive with crap like this. You have server logs. Turn the cretins in.
Well since they can get a new ip as quick as anyone can block them
it is pretty much useless to block them by IP

the vB s/w is doing it's job - doesn't seem like anything more need or can be done to be proactive -do you have any ideas?

Simon Lloyd 06-09-2013 10:54 PM
There are many many ways of limiting their access, here's one if you know their useragent https://vborg.vbsupport.ru/showthread.php?t=264932, but there are simpler thinsg you can do, don't allow guests to view members list, dont allow guests to view who's online, force password changing (vb3.8 onwards) every xx days.......the list goes on :)

Bluemax712 06-09-2013 11:02 PM
Quote:
Originally Posted by Simon Lloyd (Post 2427004)
There are many many ways of limiting their access, here's one if you know their useragent https://vborg.vbsupport.ru/showthread.php?t=264932, but there are simpler thinsg you can do, don't allow guests to view members list, dont allow guests to view who's online, force password changing (vb3.8 onwards) every xx days.......the list goes on :)
Looking at my logs under last attack - noticed they rotated through multiple User Agents all in the same 1 minute span ..that option of defense really seems to be a very minor hindrance to a real attack. Highly Agree about blocking the member list to guests help - vB.org should really consider this - especially the way this last attack occured alphabetically - I don't even see a valid reason to make the list available to registered users . Hate forced password changes myself - seems to encourage users to pin them to their workstation to keep up.

Avros 06-09-2013 11:17 PM
Set guest to post limits of five or more before they can view lists. As we all mentioned earlier, it is only when a human spammer directly invades your forum, that you need to worry and report them. Bots just like any other insect, is a pest that can be dealt with in very simple precautionary measures.

As for cataloging these IP, that has already been done at 'stopforumspam.com' they already have a long list of reported IPs you can check against.

Simon Lloyd 06-09-2013 11:21 PM
Quote:
Originally Posted by Avros (Post 2427007)
Set guest to post limits of five or more before they can view lists......
Whaaaaaat!!!! DON'T ALLOW GUESTS TO POST, bad, bad, bad!

--------------- Added [DATE]1370827366[/DATE] at [TIME]1370827366[/TIME] ---------------

Quote:
Originally Posted by Avros (Post 2427007)
As for cataloging these IP, that has already been done at 'stopforumspam.com' they already have a long list of reported IPs you can check against.
Unfortunately i stopped using this a long long while ago as it kept catching legitimate users!

Avros 06-09-2013 11:23 PM
I meant to say they cannot view members list

Black Tiger 06-09-2013 11:37 PM
Quote:
don't allow guests to view members list, dont allow guests to view who's online
I second that. Especially if that's the way they get the names.
At this moment the are busy with BL from the alphabet, because I could dozens of mails since yesterday evening.:D

Black Hole 06-09-2013 11:51 PM
I've received 27 emails, all with different IP's attempting to login to my account.


All times are GMT. The time now is 11:24 PM.
Page 3 of 7 12 3 45 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01695 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete